Black Hat USA 2. 01. Long gone are the days when . The harsh reality of the now is that the security community hasn't kept pace with the importance of technology in our society, even as the stakes have grown higher than ever.

Our adversaries are no longer motivated only by money, personal data or competitive intelligence, but are now driven to use the critical technologies of our lives to arrest journalists and activists, to suppress democracy and manipulate public opinion. In these times, our community has a responsibility to the people of the world that goes beyond traditional facets of information security. This talk will explore how we can adapt to better confront the obstacles we face as security practitioners. Can we incentivize and celebrate defensive security research in the same way that we applaud the discovery of vulnerabilities?

How do we foster intelligent discussion of real-world trade-offs while avoiding sensationalism? We will discuss real situations from the last year where our community could have risen to the occasion, we will analyze what failed, and propose how we can further help protect people.

Briefings. In this presentation, one vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE network is introduced. In the CSFB procedure, we found the authentication step is missing.

The result is that an attacker can hijack the victim's communication. We named this attack 'Ghost Telephonist.' Several exploitations can be made based on this vulnerability. When the call or SMS is not encrypted, or weakly encrypted, the attacker can get the content of the victim's call and SMS. The attacker can also initiate a call/SMS by impersonating the victim. Furthermore, Telephonist Attack can obtain the victim's phone number and then use the phone number to make advanced attack, e. The victim will not sense being attacked since no 4G or 2G fake base station is used and no cell re-selection. These attacks can randomly choose victims or target a given victim. We verified these attacks with our own phones in operators' network in a small controllable scale. The experiments proved the vulnerability really exists. Finally, the countermeasures are proposed and now we are collaborating with operators and terminal manufacturers to fix this vulnerability.

A number of talks in the last few years have addressed various topics in the generic area of industrial control system insecurity but only few have tapped into security of building automation systems, despite their prevalence. The usage of building automation, regardless if in private homes or corporate buildings, aims to optimize comfort, energy efficiency and physical access for its users.

Is cyber security part of the equation? Unfortunately, not to the extent one might expect; cyber security is quite often found to be sacrificed either for comfort or efficiency. The higher number of small and large-scale installations in combination with easily exploitable vulnerabilities leads to a stronger exposure of building automation systems, which are often overlooked. Even worse, an adversary understanding the usage of regular building automation protocol functions for malicious purposes may not only create chaos within the breached building but can potentially even peek into internal networks over building protocols which are otherwise not reachable. This talk describes prototypic attack scenarios through building automation systems one should consider, and how even without exploits, a number of protocol functions in common building automation protocols like BACnet/IP and KNXnet/IP can support a malicious adversary going for those scenarios.

For penetration testers who would like to explore this interesting field of industrial security research, we include a section on tooling. We will discuss noteworthy tools both from the security toolbox but also from the building automation toolbox for carrying out a number of attacks or their preparatory steps. We will close out the talk by discussing existing security measures proposed by the building automation industry as well as their adoption problems found in this field.

We propose a new exploit technique that brings a whole new attack surface to bypass SSRF (Server Side Request Forgery) protections. This is a very general attack approach, which we used in combination with our own fuzzing tool to discover many 0days in built-in libraries of very widely used programming languages, including Python, PHP, Perl, Ruby, Java, JavaScript, Wget and cURL. The root cause of the problem lies in the inconsistency of URL parsers and URL requesters.

Being a very fundamental problem that exists in built-in libraries, sophisticated web applications such as WordPress (27% of the Web), vBulletin, MyBB and GitHub can also suffer, and 0days have been discovered in them via this technique. This general technique can also adapt to various code contexts and lead to protocol smuggling and SSRF bypassing.

Several scenarios will be demonstrated to illustrate how URL parsers can be exploited to bypass SSRF protection and achieve RCE (Remote Code Execution), which is the case in our GitHub Enterprise demo. Understanding the basics of this technique, the audience won't be surprised to know that more than 2.

For years, the cybersecurity industry has struggled with how to measure the cyber-readiness of an organization.

To truly test the effectiveness of an organization's detect and response capabilities to a cyberattack, it's necessary to provide a sparring partner.

The increased reliance on wind energy makes wind farm control systems attractive targets for attackers. This talk explains how wind farm control networks work and how they can be attacked in order to negatively influence wind farm operations (e. Specifically, implementations of the IEC 6. OPC XML-DA). This research is based on an empirical study of a variety of U.

S. We explain how these security assessments reveal that wind farm vendor design and implementation flaws have left wind turbine programmable automation controllers and OPC servers vulnerable to attack. Additionally, proof-of-concept attack tools are developed in order to exploit wind farm control network design and implementation vulnerabilities.

Our research has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers in China - without disclosure or the users' consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example) and included popular smartphones such as the BLU R1 HD and the BLU Life One X2.

These devices actively transmitted user and device information including the full body of text messages, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI), serial number, Media Access Control (MAC) address, and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices. The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information. The core of the monitoring activities took place using a commercial Firmware Over The Air (FOTA) update software system that was shipped with the Android devices we tested and was managed by a company named Shanghai Adups Technology Co. Ltd. Our findings are based on both code and network analysis of the firmware. The user and device information was collected automatically and transmitted periodically without the users' consent or knowledge.

Some of the collected information was encrypted and then transmitted over secure web protocols to a server located in Shanghai. This software and behavior bypasses the detection of mobile anti-virus tools because they assume that software that ships with the device is not malware and thus, it is white-listed. In September 2. 01. Adups claimed on its web site to have a world-wide presence with over 7. Shanghai, Shenzhen, Beijing, Tokyo, New Delhi, and Miami.

The Adups web site also stated that it produces firmware that is integrated in more than 4.

Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often overlooked by attackers and defenders alike. The control relationships between AD objects align perfectly with the . It's often difficult to determine whether a specific AD DACL misconfiguration was set intentionally or implemented by accident. This makes Active Directory DACL backdoors an excellent persistence opportunity: minimal forensic footprint, and maximum plausible deniability. This talk will cover Active Directory DACLs in depth, our .

We will cover the abuse of AD DACL misconfigurations for the purpose of domain rights elevation, including common misconfigurations encountered in the wild. We will then cover methods to design AD DACL backdoors, including ways to evade current detections, and will conclude with defensive mitigation/detection techniques for everything described.

Electricity is of paramount importance in our everyday lives. Our dependence on it is particularly evident during even brief power outages. You can think of power systems as the backbone of critical infrastructures. To date, cyber-attacks against power systems are considered to be extremely sophisticated and only within the reach of nation-states.